Sunday, October 12, 2014

OpenVPN-- Creating a Secure Portal to a Private Network With NO Port Forwarding!

If the title of this post got your attention, you are probably well on your way to building your own insane digital empire. OpenVPN is key here, and it's awesome, free, and open source (of course!). We *nuxers are pretty familiar with Virtual Private Networks and the security and convenience that they provide. Many of us have several different VPNs (at least I do) running on different servers across the globe. This allows one to have multiple virtual identities, and in turn to keep the prying eyes of the NSA just that much more confused when they try to track us down. It also obviously allows you to be on the same private, secure, and (virtually) local network as another machine you may wish to access.

Of course, out of all the networks in your arsenal, the one that you ought to be most concerned about is your home network. Now, if I had the money, I would set my Verizon cable modem on fire, purchase a secure modem to replace it, and another access point, a network bridge (to allow incoming connections to my home server but not the rest of my home network), a Raspberry Pi with two Gigabit Ethernet ports (running IPCop) to act as a firewall, and God knows what else. THEN I could safely run yet another ovpn network from my home. But I really don't want to deal with all of that... which is why I use OpenVPN to begin with.

Okay, let's back up a bit: So, I have a server at home, and it is acting as maybe a media server, home-security system control panel, and maybe some other stuff that you do NOT want accessible from the outside world. But what if I want to be able to access this server when I'm on the road? Well, I could open up a port on my crappy spyware-infested Verizon router, but that would not be very secure because it only has a stateful firewall, and these days you need a firewall capable of doing application-level inspection if you are going to allow outside access to a secure network (like the one at home). So that idea is out...

Today I discovered a solution. I simply connected my home server as a client to one of my remote VPS servers' VPNs. I had to tweak the server configuration to not route all of my home server's traffic through the VPN, because that would make my home server useless while I am at home. Then I configured iptables on the home server to allow access to HTTP, SSH, etc. over the VPN... and eureka! The server is now accessible, remotely, via my remote VPN, and there are no open ports on my home network! Fucking right.
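Here is an added example of the host firewall side of that setup (my own illustration, not the original post's config): the home server only answers SSH and HTTP, and only on the tunnel interface, while its LAN side stays open for use at home. The interface names (tun0, eth0), the VPN subnet 10.8.0.0/24, the port list and the VPN_*/vpn_rules names are assumptions for the example.

```shell
#!/bin/sh
# Added example: firewall rules for a home server that is an OpenVPN *client*
# of a remote VPS. Nothing is port-forwarded at home; the only way in is over
# the tunnel, and over the tunnel only the listed TCP ports are reachable.
# Assumptions (not from the post): tunnel interface tun0, VPN subnet
# 10.8.0.0/24, LAN interface eth0, services SSH (22) and HTTP (80).
# On the VPS side the server.conf must not push a default route, i.e. no
#   push "redirect-gateway def1"
# (or the home client adds `route-nopull`), otherwise all of the home
# server's traffic is dragged through the VPN. For road-warrior clients to
# reach the home server directly, the VPS also needs `client-to-client`.

VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
LAN_IF="${LAN_IF:-eth0}"
VPN_PORTS="${VPN_PORTS:-22 80}"

# Emit the rules as iptables commands so they can be reviewed before they
# are applied (and so the rule set can be checked without root).
vpn_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"   # never route between the VPN and the LAN
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $LAN_IF -j ACCEPT"   # usable at home as before
    for p in $VPN_PORTS; do
        echo "iptables -A INPUT -i $VPN_IF -s $VPN_NET -p tcp --dport $p -j ACCEPT"
    done
    # Anything else arriving over the tunnel is logged (rate limited) and
    # dropped, so a compromised VPN peer cannot reach other services here.
    echo "iptables -A INPUT -i $VPN_IF -m limit --limit 5/min -j LOG --log-prefix 'vpn-drop: '"
    echo "iptables -A INPUT -i $VPN_IF -j DROP"
}

# Sanity check helper: how many ACCEPT rules open a given TCP port.
rules_for_port() {
    vpn_rules | grep -c -- "--dport $1 -j ACCEPT"
}

case "${1:-}" in
    apply) vpn_rules | sh ;;   # run as root on the home server
    *)     vpn_rules ;;        # dry run: just print the rules
esac
```

Run it with no arguments to review the rules, then `./vpn-rules.sh apply` as root; if the VPS still pushes a default route, check the home server's routing table before trusting the LAN rule.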
